PublicCMS Stored Cross-Site Scripting Vulnerability via Malicious PDF Upload
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in PublicCMS versions through v5.202506.d. This issue allows users to upload PDF files containing JavaScript payloads that bypass PDF security checks in the backend file utility. When the PDF is viewed, the embedded JavaScript can execute, potentially leading to credential theft, unauthorized API actions, and other security risks. The vulnerability is present in all file upload endpoints, including those for templates and web files.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where uploaded PDFs execute JavaScript when viewed, potentially stealing credentials or executing arbitrary API commands.
Reproduction
To reproduce this vulnerability, upload a PDF file containing a JavaScript payload to any of the file upload endpoints. The malicious PDF will be saved in the website's static directory. When the PDF is opened, the JavaScript payload executes, demonstrating the cross-site scripting vulnerability.
Remediation
Users are advised to update to PublicCMS version 5.202506.e or later, where this vulnerability has been addressed.
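The upload-side PDF check that this advisory says was bypassed can be illustrated with an added example. It is not PublicCMS code and not the project's fix. It decodes `#xx` name escapes and inflates Flate streams before looking for script and auto-run action keys. All function names and sample PDFs are constructed for illustration.

```python
import re
import zlib

# PDF name keys that introduce script or automatically triggered actions.
ACTIVE_KEYS = {b"JS", b"JavaScript", b"OpenAction", b"AA", b"Launch"}
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def names_in(data: bytes) -> set:
    """All PDF name tokens in data, with escapes decoded."""
    return {decode_name(m.group(1)) for m in NAME_RE.finditer(data)}


def find_active_content(pdf: bytes) -> set:
    """Active-content keys in the raw file and in any Flate-compressed
    stream (object streams can hold whole dictionaries)."""
    found = names_in(pdf) & ACTIVE_KEYS
    for m in STREAM_RE.finditer(pdf):
        try:
            # Output is capped so a decompression bomb cannot exhaust memory.
            inflated = zlib.decompressobj().decompress(m.group(1), 10_000_000)
        except zlib.error:
            continue  # not Flate data; its raw bytes were already scanned
        found |= names_in(inflated) & ACTIVE_KEYS
    return found


def is_upload_allowed(pdf: bytes) -> bool:
    """Reject non-PDF data and any PDF carrying script or auto-run actions."""
    return pdf.lstrip()[:5] == b"%PDF-" and not find_active_content(pdf)


# Constructed samples (inert placeholder strings, not working documents).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
ESCAPED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /J#53 (placeholder) >>\nendobj\n%%EOF\n"
)
HIDDEN = (
    b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /JavaScript /JS (placeholder) >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)
```

The check is deliberately conservative and does not inspect encrypted PDFs or streams using filters other than Flate, so treat it as one layer alongside the update.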
